Several local (remote) vulnerabilities have been discovered in libvorbis,a library for the Vorbis general-purpose compressed audio codec. The CommonVulnerabilities and Exposures project identifies the following problems:

CVE-2008-1419

libvorbis does not properly handle a zero value which allows remoteattackers to cause a denial of service (crash or infinite loop) ortrigger an integer overflow.